This is your regular reminder that if you're still using LastPass you should, uh, stop that.

https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/

Notice of Recent Security Incident - The LastPass Blog

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

@jacob reporting security incidents should be the norm but I'm sure there are countless instances where this is not the case. LastPass reported theirs now, I'm afraid that if they meet with scorn and hostility for it, their competitors (or themselves in the future) might decide against being open about this sort of thing.

Besides, since all data is E2E encrypted, it doesn't seem like this actually put users in danger this time?

@ambv generally I'd agree with you but this is different.

It's not just this one incident; they've had a series of terrible incidents & appear to learn nothing. E.g.: E2E encryption is littered with bugs and has been broken/bypassed repeatedly. The master key is accessible by the server. Malicious plugins can exfil your master password. The support forum (phpBB) somehow knows your master password. And more.

This isn't about scorning; LastPass is actively unsafe and people need to not use it.

@jacob OK, having the master password shared around is a dealbreaker indeed. What are you using?

@ambv I use and recommend 1Password.

AFAIK Dashlane is fine too — they've had some serious issues in the past too, but unlike LastPass seem to have fixed them all and are pretty solid now.

I believe Bitwarden is OK too, but have less info there. And I understand that KeePass and KeePassXC are good if you don't want a cloud component (but I do want a cloud component, so haven't tried them.)

@jacob @ambv FWIW I’ve been using KeePassXC (and before that KeePassX and KeePass) for over a decade. I sync it to all my devices over WAN-only using Syncthing, but it would be pretty easy to sync using any other file syncing service. Very happy with it, and I’m also happy with Keepass2Android Offline as well.

@pganssle @jacob @ambv Same here, I've been using #KeePass and #KeePassXC in recent years on #Android and #Ubuntu and it works pretty well without subscribing to any service. 🔐

@jacob @ambv I’m a big fan of Bitwarden, I’ve got my whole family using it and definitely recommend it 😁.

@ambv @jacob I use self-hosted Bitwarden, docker image: bitwardenrs/server:latest

Migrated from LastPass when the money-grab shenanigans began ...